Routing between VLANs broken

#1
4th August 2017
scrummie02

Hello all.
Recently there was a power outage that caused my OpenBSD router to shut off. It was on a UPS but the battery drained before I had a chance to do anything about it as I was offsite.

Everything came back up, main switch, router. Problem is inter-VLAN routing doesn't work. I have two switch ports trunked and routing vlans and using the vlan interfaces on OpenBSD. I know the switch is configured because I can talk to VMs across different hosts in the same VLAN which span the trunk, but when I talk to a host in a different VLAN, I cannot ping or communicate.

I've rebooted the OpenBSD firewall before - as well as the switch - and this has never happened.

Right now, I have segments down because they can't talk to each other. Is it possible the routing tables are messed up? Also, I use PF and packet tagging and it's never been an issue before.
#2
4th August 2017
scrummie02

I enabled logging on all the vlan pass rules, I'm getting all passes, no blocks...so there's that. It doesn't look like PF is causing the blocks.
#3
4th August 2017
jggimi

Would you be willing to post information that would allow us to look at the problem?

You could redact any Internet-facing addresses or private information. Display your routing table with route(8) or netstat(8), show us ifconfig(8) output, etc. Otherwise, there's little anyone here could do to help, unless they've seen your exact symptoms themselves.
#4
4th August 2017
scrummie02

Quote:
Originally Posted by jggimi
Would you be willing to post information that would allow us to look at the problem?

You could redact any Internet-facing addresses or private information. Display your routing table with route(8) or netstat(8), show us ifconfig(8) output, etc. Otherwise, there's little anyone here could do to help, unless they've seen your exact symptoms themselves.

Want the PF and routeing tables?
#5
4th August 2017
jggimi

Sorry I wasn't clear. Start with ifconfig(8) and routing tables -- if the issue is with IPv4, you can limit your routing table output to that family, such as with $ route -n show -inet
#6
4th August 2017
scrummie02

Quote:
Originally Posted by jggimi
Sorry I wasn't clear. Start with ifconfig(8) and routing tables -- if the issue is with IPv4, you can limit your routing table output to that family, such as with $ route -n show -inet


Code:
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            xxx.xxx.xxx.1       UGS        1     1366     -     8 re1
127/8              127.0.0.1          UGRS       0        0 33152     8 lo0
127.0.0.1          127.0.0.1          UH         3       50 33152     4 lo0
xxx.xxx.xxx/24      link#2             UC         1        0     -     4 re1
xxx.xxx.xxx.1       f4:b5:2f:07:b0:cf  UHLc       1        0     -     4 re1
xxx.xxx.xxx.129     127.0.0.1          UGHS       0        0 33152     8 lo0
192.168.50/24      link#9             UC         0        0     -     4 vlan200
192.168.100/24     link#3             UC         0        0     -     4 fxp0
192.168.110/24     link#7             UC         5        0     -     4 vlan110
192.168.110.4      00:50:56:9e:4d:11  UHLc       0       67     -     4 vlan110
192.168.110.50     00:50:56:9f:e4:91  UHLc       0       96     -     4 vlan110
192.168.110.70     00:50:56:9f:7f:30  UHLc       0       90     -     4 vlan110
192.168.110.71     00:50:56:9f:46:01  UHLc       0       97     -     4 vlan110
192.168.110.72     00:50:56:9f:82:96  UHLc       0      306     -     4 vlan110
192.168.120/24     link#8             UC         2        0     -     4 vlan120
192.168.120.2      00:50:56:9e:18:62  UHLc       0      440     -     4 vlan120
192.168.120.3      00:50:56:9e:72:16  UHLc       0      382     -     4 vlan120
192.168.150/24     link#10            UC         0        0     -     4 vlan300
192.168.200/24     link#1             UC        12        0     -     4 re0
192.168.200.9      00:50:56:80:d7:bf  UHLc       0       15     -     4 re0
192.168.200.10     00:50:56:9e:08:c5  UHLc       0       47     -     4 re0
192.168.200.11     00:50:56:9e:30:24  UHLc       0      299     -     4 re0
192.168.200.13     00:50:56:80:bb:e4  UHLc       0        0     -     4 re0
192.168.200.16     00:25:90:c5:92:b7  UHLc       0        9     -     4 re0
192.168.200.17     00:30:48:dc:76:75  UHLc       0       50     -     4 re0
192.168.200.22     00:50:56:9f:3b:8d  UHLc       0       12     -     4 re0
192.168.200.51     00:50:56:80:f7:70  UHLc       1      130     -     4 re0
192.168.200.56     00:50:56:80:7e:00  UHLc       0       23     -     4 re0
192.168.200.113    1c:6f:65:35:08:b3  UHLc       0      587     -     4 re0
192.168.200.119    10:1c:0c:65:f4:e2  UHLc       0        0     -     4 re0
192.168.200.132    00:26:b8:9c:24:14  UHLc       0        0     -     4 re0
224/4              127.0.0.1          URS        0        0 33152     8 lo0
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet 127.0.0.1 netmask 0xff000000
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:3a:62:1e
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 192.168.200.252 netmask 0xffffff00 broadcast 192.168.200.255
        inet6 fe80::000:000:000:000e%re0 prefixlen 64 scopeid 0x1
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:3a:62:1f
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet6 fe80::000:000:000:000f%re1 prefixlen 64 scopeid 0x2
        inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.255
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:a8:00:e8:ad
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.100.252 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::2d0:a8ff:fe00:e8ad%fxp0 prefixlen 64 scopeid 0x3
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:a8:00:e8:ae
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2d0:a8ff:fe00:e8ae%fxp1 prefixlen 64 scopeid 0x4
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
vlan110: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:a8:00:e8:ae
        priority: 0
        vlan: 110 parent interface: fxp1
        groups: vlan
        status: active
        inet6 fe80::2d0:a8ff:fe00:e8ae%vlan110 prefixlen 64 scopeid 0x7
        inet 192.168.110.1 netmask 0xffffff00 broadcast 192.168.110.255
vlan120: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:a8:00:e8:ae
        priority: 0
        vlan: 120 parent interface: fxp1
        groups: vlan
        status: active
        inet6 fe80::2d0:a8ff:fe00:e8ae%vlan120 prefixlen 64 scopeid 0x8
        inet 192.168.120.1 netmask 0xffffff00 broadcast 192.168.120.255
vlan200: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:a8:00:e8:ae
        priority: 0
        vlan: 200 parent interface: fxp1
        groups: vlan
        status: active
        inet6 fe80::2d0:a8ff:fe00:e8ae%vlan200 prefixlen 64 scopeid 0x9
        inet 192.168.50.253 netmask 0xffffff00 broadcast 192.168.50.255
vlan300: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:a8:00:e8:ae
        priority: 0
        vlan: 300 parent interface: fxp1
        groups: vlan
        status: active
        inet6 fe80::2d0:a8ff:fe00:e8ae%vlan300 prefixlen 64 scopeid 0xa
        inet 192.168.150.1 netmask 0xffffff00 broadcast 192.168.150.255
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
        priority: 0
        groups: pflog
#7
4th August 2017
scrummie02

I'd like to add, I can ping the host from the VLAN and when doing TCPDUMP I can see traffic go through as I've enabled logging to troubleshoot the issue. No blocks occurring.
#8
4th August 2017
scrummie02

Here is an example


Code:
# tcpdump -n -e -ttt -i pflog0 src host 192.168.110.70
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
Aug 04 11:15:16.653652 rule 43/(match) pass in on vlan110: 192.168.110.70.62347 > 192.168.120.3.53: 14227+[|domain]
Aug 04 11:15:17.653134 rule 43/(match) pass in on vlan110: 192.168.110.70.62347 > 192.168.120.2.53: 14227+[|domain]
Aug 04 11:15:28.655046 rule 57/(match) pass in on vlan110: 192.168.110.70.137 > 192.168.110.255.137: udp 50
#9
4th August 2017
scrummie02

I'm on the management VLAN and can ping the gateway interface for the VLAN110 VLAN.

Code:
C:\Users\me>ping 192.168.200.252

Pinging 192.168.200.252 with 32 bytes of data:
Reply from 192.168.200.252: bytes=32 time<1ms TTL=255
Reply from 192.168.200.252: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.200.252:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Users\me>ping 192.168.110.1

Pinging 192.168.110.1 with 32 bytes of data:
Reply from 192.168.110.1: bytes=32 time<1ms TTL=255
Reply from 192.168.110.1: bytes=32 time<1ms TTL=255
Reply from 192.168.110.1: bytes=32 time<1ms TTL=255
Reply from 192.168.110.1: bytes=32 time<1ms TTL=255

5th August 2017
jggimi

I don't see anything glaringly obvious.

I'm confused by your loopback route for xxx.xxx.xxx.129.

Is your IP forwarding sysctl enabled?
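
The IP forwarding check asked about in the last reply, as an added example that is not part of the original thread: it compares the running value of `net.inet.ip.forwarding` with what `/etc/sysctl.conf` applies at boot, since a value set only at runtime does not survive a power loss. The function names and state labels are hypothetical; the demo file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify IPv4 forwarding state
# on an OpenBSD router from the running value and the boot-time config.

# conf_forwarding FILE: print the last value assigned to
# net.inet.ip.forwarding in FILE, ignoring comments; prints nothing if unset.
conf_forwarding() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' "$1" |
        awk -F= '
            { key = $1; gsub(/[ \t]/, "", key) }
            key == "net.inet.ip.forwarding" {
                val = $2; gsub(/[ \t]/, "", val); last = val
            }
            END { if (last != "") print last }'
}

# forwarding_state RUNTIME FILE: compare the running value with the one
# FILE would apply at boot. Labels are this example's own.
forwarding_state() {
    runtime=$1
    boot=$(conf_forwarding "$2")
    case "$runtime" in
        1) if [ "$boot" = 1 ]; then echo "enabled"
           else echo "enabled-runtime-only"   # lost at the next reboot
           fi ;;
        2) echo "ipsec-only" ;;   # sysctl(2): only IPsec traffic is forwarded
        *) if [ "$boot" = 1 ]; then echo "disabled-despite-conf"
           else echo "disabled"
           fi ;;
    esac
}

# On the router itself:
#   forwarding_state "$(sysctl -n net.inet.ip.forwarding)" /etc/sysctl.conf

# Demo on a constructed sysctl.conf: configured on, but running value is 0.
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' \
    'net.inet.ip.forwarding=1   # IPv4 routing' > "$demo_conf"
forwarding_state 0 "$demo_conf"
rm -f "$demo_conf"
```

Any result other than `enabled` means packets accepted by a `pass in` rule on one VLAN interface are either not routed to another interface at all or will stop being routed after the next reboot.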